增加页面过滤器，提高系统安全性

31e8756b · 季圣华 · 96d8fb05 · 31e8756b · 31e8756b · 31e8756b
Commit 31e8756b authored Mar 03, 2019 by 季圣华
--- a/erp_web/pages/common/main.html
+++ b/erp_web/pages/common/main.html
@@ -139,7 +139,6 @@
            });
        }
        UserOut(); //初始化时候执行
-        setInterval(UserOut, 10000); //每10秒检测一次
    });

 </script>

--- a/src/main/java/com/jsh/erp/ErpApplication.java
+++ b/src/main/java/com/jsh/erp/ErpApplication.java
@@ -5,12 +5,14 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
+import org.springframework.boot.web.servlet.ServletComponentScan;
 import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.web.servlet.DispatcherServlet;

 @SpringBootApplication
 @MapperScan(basePackages = {"com.jsh.erp.datasource.mappers"})
+@ServletComponentScan
 @EnableScheduling
 public class ErpApplication{
    public static void main(String[] args) {

--- a/src/main/java/com/jsh/erp/filter/LogCostFilter.java
+++ b/src/main/java/com/jsh/erp/filter/LogCostFilter.java
+package com.jsh.erp.filter;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.annotation.WebInitParam;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@WebFilter(filterName = "LogCostFilter", urlPatterns = {"/*"},
+        initParams = {@WebInitParam(name = "ignoredUrl", value = ".css#.js#.jpg#.png#.gif#.ico"),
+                      @WebInitParam(name = "filterPath", value = "/user/login")})
+public class LogCostFilter implements Filter {
+
+    private static final String FILTER_PATH = "filterPath";
+    private static final String IGNORED_PATH = "ignoredUrl";
+
+    private static final List<String> ignoredList = new ArrayList<>();
+    private String[] allowUrls;
+    private String[] ignoredUrls;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        String filterPath = filterConfig.getInitParameter(FILTER_PATH);
+        if (!StringUtils.isEmpty(filterPath)) {
+            allowUrls = filterPath.contains("#") ? filterPath.split("#") : new String[]{filterPath};
+        }
+
+        String ignoredPath = filterConfig.getInitParameter(IGNORED_PATH);
+        if (!StringUtils.isEmpty(ignoredPath)) {
+            ignoredUrls = ignoredPath.contains("#") ? ignoredPath.split("#") : new String[]{ignoredPath};
+            for (String ignoredUrl : ignoredUrls) {
+                ignoredList.add(ignoredUrl);
+            }
+        }
+    }
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest servletRequest = (HttpServletRequest) request;
+        HttpServletResponse servletResponse = (HttpServletResponse) response;
+        String requestUrl = servletRequest.getRequestURI();
+        //具体，比如：处理若用户未登录，则跳转到登录页
+        Object userInfo = servletRequest.getSession().getAttribute("user");
+        if(userInfo!=null) { //如果已登录，不阻止
+            chain.doFilter(request, response);
+            return;
+        }
+        if (requestUrl != null && requestUrl.contains("/login.html")) {
+            chain.doFilter(request, response);
+            return;
+        }
+        if (verify(ignoredList, requestUrl)) {
+            chain.doFilter(servletRequest, response);
+            return;
+        }
+        if (null != allowUrls && allowUrls.length > 0) {
+            for (String url : allowUrls) {
+                if (requestUrl.startsWith(url)) {
+                    chain.doFilter(request, response);
+                    return;
+                }
+            }
+        }
+        servletResponse.sendRedirect("/login.html");
+    }
+
+    private static String regexPrefix = "^.*";
+    private static String regexSuffix = ".*$";
+
+    private static boolean verify(List<String> ignoredList, String url) {
+        for (String regex : ignoredList) {
+            Pattern pattern = Pattern.compile(regexPrefix + regex + regexSuffix);
+            Matcher matcher = pattern.matcher(url);
+            if (matcher.matches()) {
+                return true;
+            }
+        }
+        return false;
+    }
+    @Override
+    public void destroy() {
+
+    }
+}
\ No newline at end of file